authorDamien Miller <djm@mindrot.org>2013-10-15 12:07:05 +1100
committerDamien Miller <djm@mindrot.org>2013-10-15 12:07:05 +1100
commit6efab27109b82820e8d32a5d811adb7bfc354f65 (patch)
treeafb2adf82c98f3105a730e266afac2a715188a79
parent61c7de8a94156f6d7e9718ded9be8c65bb902b66 (diff)
- jmc@cvs.openbsd.org 2013/10/14 14:18:56
[sftp-server.8 sftp-server.c] tweak previous; ok djm
-rw-r--r--ChangeLog4
-rw-r--r--sftp-server.824
-rw-r--r--sftp-server.c9
3 files changed, 21 insertions, 16 deletions
diff --git a/ChangeLog b/ChangeLog
index 83b9b886..3adcac5c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -25,6 +25,10 @@
- djm@cvs.openbsd.org 2013/10/11 02:53:45
[sftp-client.h]
obsolete comment
+ - jmc@cvs.openbsd.org 2013/10/14 14:18:56
+ [sftp-server.8 sftp-server.c]
+ tweak previous;
+ ok djm
20131010
- (dtucker) OpenBSD CVS Sync
diff --git a/sftp-server.8 b/sftp-server.8
index d7604b28..1e0b277b 100644
--- a/sftp-server.8
+++ b/sftp-server.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: sftp-server.8,v 1.24 2013/10/09 23:42:17 djm Exp $
+.\" $OpenBSD: sftp-server.8,v 1.25 2013/10/14 14:18:56 jmc Exp $
.\"
.\" Copyright (c) 2000 Markus Friedl. All rights reserved.
.\"
@@ -22,7 +22,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: October 9 2013 $
+.Dd $Mdocdate: October 14 2013 $
.Dt SFTP-SERVER 8
.Os
.Sh NAME
@@ -35,6 +35,8 @@
.Op Fl d Ar start_directory
.Op Fl f Ar log_facility
.Op Fl l Ar log_level
+.Op Fl P Ar blacklisted_requests
+.Op Fl p Ar whitelisted_requests
.Op Fl u Ar umask
.Ek
.Nm
@@ -98,35 +100,33 @@ DEBUG and DEBUG1 are equivalent.
DEBUG2 and DEBUG3 each specify higher levels of debugging output.
The default is ERROR.
.It Fl P Ar blacklisted_requests
-Specify a comma-separated list of sftp protocol requests that are banned by
+Specify a comma-separated list of SFTP protocol requests that are banned by
the server.
.Nm
will reply to any blacklisted request with a failure.
The
.Fl Q
-flag allows querying
-.Nm
-to determine the supported request types.
+flag can be used to determine the supported request types.
If both a blacklist and a whitelist are specified, then the blacklist is
applied before the whitelist.
.It Fl p Ar whitelisted_requests
-Specify a comma-separated list of sftp protocol requests that are permitted
+Specify a comma-separated list of SFTP protocol requests that are permitted
by the server.
All request types that are not on the whitelist will be logged and replied
to with a failure message.
.Pp
Care must be taken when using this feature to ensure that requests made
-implicitly by sftp clients are permitted.
+implicitly by SFTP clients are permitted.
.It Fl Q Ar protocol_feature
Query protocol features supported by
.Nm .
At present the only feature that may be queried is
.Dq requests ,
-that may be used for whitelisting or blacklisting (flags
-.Fl p
-and
+which may be used for black or whitelisting (flags
.Fl P
-respectively.)
+and
+.Fl p
+respectively).
.It Fl R
Places this instance of
.Nm
diff --git a/sftp-server.c b/sftp-server.c
index 52278148..b62bd351 100644
--- a/sftp-server.c
+++ b/sftp-server.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sftp-server.c,v 1.99 2013/10/10 00:53:25 djm Exp $ */
+/* $OpenBSD: sftp-server.c,v 1.100 2013/10/14 14:18:56 jmc Exp $ */
/*
* Copyright (c) 2000-2004 Markus Friedl. All rights reserved.
*
@@ -1392,9 +1392,10 @@ sftp_server_usage(void)
fprintf(stderr,
"usage: %s [-ehR] [-d start_directory] [-f log_facility] "
- "[-l log_level]\n\t[-p request_whitelist] [-P request_blacklist] "
- "[-Q feature] [-u umask]\n",
- __progname);
+ "[-l log_level]\n\t[-P blacklisted_requests] "
+ "[-p whitelisted_requests] [-u umask]\n"
+ " %s -Q protocol_feature\n",
+ __progname, __progname);
exit(1);
}
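Review bot: The usage text in sftp_server_usage() now prints two synopsis forms, with `-Q protocol_feature` on a line of its own, but no comment in the visible lines says the split is deliberate. The sftp-server.8 SYNOPSIS in this same commit also starts a second `.Nm` form after `.Ek`, so the two have to be kept in step by hand. A one-line comment above the `fprintf` would make that explicit, for example `/* Keep in sync with SYNOPSIS in sftp-server.8; -Q is listed as its own form. */`. The two `%s` conversions are matched by the two `__progname` arguments, so the format string itself is consistent. The function's opening lines are outside the hunk.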